Opened 4 weeks ago
Last modified 3 weeks ago
#36575 assigned Cleanup/optimization
Document using a link for LogoutView
| Reported by: | Alex Dehnert | Owned by: | 2000023946 |
|---|---|---|---|
| Component: | Documentation | Version: | 4.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Alex Dehnert | Triage Stage: | Accepted |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The Django 4.1 release notes mention:
If you want to retain the user experience of an HTML link, you can use a form that is styled to appear as a link:
<form id="logout-form" method="post" action="{% url 'admin:logout' %}"> {% csrf_token %} <button type="submit">{% translate "Log out" %}</button> </form>
However, the admin:logout view appears to require the the user have admin access (at least, empirically, my user that doesn't gets redirected to /admin/ and then /admin/login/). The plain logout URL name (https://docs.djangoproject.com/en/5.2/topics/auth/default/#django.contrib.auth.views.LogoutView), which doesn't require this, seems like a better fit.
(Relatedly, this information seems pretty timeless -- should it be included in say the docs for LogoutView, rather than just some increasingly-old release notes? Presumably somebody writing a brand-new Django 5.2 app *also* wants to know how to make a logout link. I spent a bit looking around the docs and don't see it mentioned anywhere -- actually, I was a little surprised that the tutorial doesn't obviously mention extending base templates and provide a sample template with a login link, logout link, etc..)
Change History (4)
comment:1 by , 4 weeks ago
comment:2 by , 4 weeks ago
| Summary: | Document logout link workaround with a better URL name → Document logout view a link for LogoutView |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
| Type: | Uncategorized → Cleanup/optimization |
| Version: | 5.1 → 4.1 |
Thank you for the suggestion. I agree this information is useful and shouldn't be hidden in the 4.1 release notes.
I would suggest something be added to the bottom of the LogoutView docs (similar to how the LoginView docs has an example at the bottom). I also think that folks find this confusing came up in a conference talk.
I don't think updating the 4.1 release notes adds too much value as this is no longer a supported release and we keep old release notes quite static
comment:3 by , 4 weeks ago
| Summary: | Document logout view a link for LogoutView → Document using a link for LogoutView |
|---|
comment:4 by , 3 weeks ago
| Owner: | set to |
|---|---|
| Status: | new → assigned |
I also argue in #36576 that
admin:logout*should* work for logging out non-admin users, but I contend that usingadmin:logout*here* is wrong independent of that. If nothing else, it appears that `auth.logout` and the admin variant can use different templates, and presumably most people following these directions to add a logout link are doing it outside the admin context -- the admin has a logout link provided. That said, it's obviously much worse because of #36576 (I only noticed the discrepancy when I finally went to log out a user without admin access, and that wouldn't have been relevant without #36576).